Search /
Advanced search  |  Help  |  Site map
Click for Layer 8! No, really, click NOW!
Networking for Small Business
FCC defends new net neutrality proposal
New iPad rumor rollup for week ending April 23
Dell adds Big Switch to its SDN mix
Google Plus now minus chief Vic Gundotra
Heartbleed prompts joint vendor effort to boost OpenSSL, security
Microsoft Surface Mini seems likely to ship soon
China working on Linux replacement for Windows XP
FCC adds $9 billion to broadband subsidy fund
Raspberry Pi alternatives emerge to fill need for speed
It's now possible to wirelessly charge 40 smartphones from 16 feet away
Ex-FCC commissioner to head CTIA in latest Washington shuffle
Go time traveling with Google Maps
While Heartbleed distracts, hackers hit US universities
Survey respondents shun much-hyped mobile shopping technologies
7 Ways to Advance Your Project Management Career
How Apple's billion dollar sapphire bet will pay off
US to vote on sharp increase in broadband subsidies
iPhone 6 rumor rollup for the week ending April 18
NSA spying revelations have tired out China's Huawei
Arista co-founder may have switch maker by its jewels
Open source pitfalls – and how to avoid them
AT&T's expanded 1 Gbps fiber rollout could go head to head with Google
Verizon: Web apps are the security punching bag of the Internet

Security needs spawn services

Managed detection services growing in popularity.

Today's breaking news
Send to a friendFeedback

Companies installing intrusion-detection software to protect their networks are faced with this practical question: Do we have the skills and time to keep the round-the-clock vigils the software requires?

The alternative is going to an outside firm that offers a managed security service that can identify denial-of-service attacks or other threats. This week, Internet Security Systems (ISS), which specializes in scanning software, and start-up Counterpane Internet Security, will each begin offering its own style of managed intrusion-detection services, boosting choice in an underserved area of security.

Although companies such as UUNET, AT&T and Exodus offer managed firewall services, only a few providers, including Pilot Network Services, have ventured to take on what is arguably the bigger challenge. And that's monitoring the customer's internal servers and network traffic, where some type of intrusion-detection sensors must be deployed to determine if systems are under attack.

Unlike the new offerings from ISS and Counterpane, the Pilot Network Services model requires firms to house equipment at a Pilot data center and connect to it by a private line.

"We're doing a security monitoring service by putting a probe on the customer's network to accept audit data from a wide range of devices," says Bruce Schneier, Counterpane's chief technology officer. Schneier, a leading cryptographer, started the company with $7 million in venture-capital funding from Bessemer Ventures and other firms.

Counterpane's Linux-based "black box" sensor captures syslog and audit outputs from Windows NT, Solaris and Linux servers; routers; security gear such as Check Point Software and Cisco Pix firewalls; plus ISS and Tripwire intrusion-detection software.

The Counterpane box regularly transmits the network activity output in encrypted form to Counterpane's data centers in Mountain View, Calif., or Chantilly, Va., where it is monitored around the clock.

"Embedded in this data are the footprints of attacks, and our analysts are trained to understand them," Schneier says, adding Counterpane staffers advise corporations on how to combat threats but do not make changes to the corporation's equipment.

Santa Clara service provider Conxion, which specializes in hosting business-to-business applications for customers including Visa International, has started using the Counterpane service.

"All our critical infrastructure devices report to the Counterpane device," says Conxion security director Mark Kadrich. "We have more than 20 firewalls, we use all the ISS intrusion-detection software, and it's hard to find qualified people to analyze this mind-numbing output."

Although some may argue that outsourcing network security management is an unacceptable risk, Kadrich - who requires everyone on his staff to earn the coveted CISSP security certification - argues otherwise. "Security needs to be results-based, and those unwilling to outsource don't really understand the problem," he says.

Counterpane says its service costs about $12,000 per month.

ISS, which holds about 60% of the market for intrusion-detection software according to market research firm IDC, has also recognized the pent-up demand for outsourcing help.

"We have 5,500 customers today, mostly larger firms, but there are literally millions of businesses drawn to the Internet for business-to-consumer or business-to-business e-commerce," says ISS CEO Thomas Noonan. "For many of them, security is important but misunderstood, and many have small IT departments."

ISS, which offers six products for network and application scanning and vulnerability assessment, has now developed a Managed Security Services platform. The offering, based on technology obtained through the acquisition of a company called Netrex, will enable ISPs and telecommunications firms to provide outsourced security monitoring. Customers will have to deploy the ISS SafeSuite intrusion-detection sensor on their sites to get the security monitoring service.

Under the plan, ISS will supply security experts to work in operation centers at ISPs and telecom firms. These experts will monitor corporate routers, provide Web-content filtering, and watch Check Point and WatchGuard firewalls, as well as the ISS intrusion-detection software.

According to Noonan, Ameritech, AT&T, Embratel, US West, BellSouth, NTT, Savvis and other service providers around the world have signed agreements to use the ISS Managed Security Services platform. Corporate customers for this so-called ePatrol Service will be given remote access to the same security view of their networks as the ISPs and telecom firms will have, Noonan says.

Some companies are already sold on managed security services.

ContiGroup Companies, formerly Continental Grain, has used the Pilot managed service for intrusion detection for about a year, installing the corporate firewall at Pilot.

"We didn't have the staff with the expertise for this, and the relationship with Pilot has worked well to fight viruses and hacking attempts," says Bill Clark, Internet service manager.


NWFusion offers more than 40 FREE technology-specific email newsletters in key network technology areas such as NSM, VPNs, Convergence, Security and more.
Click here to sign up!
New Event - WANs: Optimizing Your Network Now.
Hear from the experts about the innovations that are already starting to shake up the WAN world. Free Network World Technology Tour and Expo in Dallas, San Francisco, Washington DC, and New York.
Attend FREE
Your FREE Network World subscription will also include breaking news and information on wireless, storage, infrastructure, carriers and SPs, enterprise applications, videoconferencing, plus product reviews, technology insiders, management surveys and technology updates - GET IT NOW.